Security researchers have discovered a new variant of the Citadel malware that injects itself into your Facebook webpages and demands that you make a donation to a fake charity for sick children. Please be warned: there are no children charities that will ask you for a donation via Facebook. There are, however, individuals very interested in stealing your credit card number and other personal information (note: this is not the first time Facebook users are specifically being targeted, and it certainly won't be the last).
Once your computer is infected with the malware, it quickly adds itself into your Facebook session, as you can see above. After you log into your Facebook account, the Citadel injection mechanism displays a pop up that encourages you to donate $1 to children who "desperately" need humanitarian aid. Next, it asks you for your name, credit card number, expiration date, CVV, and security password.
What makes this attack particularly sophisticated is that the malware is configured to use different scam text depending on your country and language, according to Trusteer. The scammers use domains such as hopeforthepoorchildren.org, fundcauses.com, lwbspain.blogspot.ca, and childfund.de to push the scam in at least five different languages: English, Italian, Spanish, German, and Dutch.
The English version of attack asks you to make a $1 donation for Haitian children living in poverty. Here's the text in question (please note that the scammers can change the scam's wording as they please):